move to a unix box never trust IIS/W2k ! -----Original Message----- From: G Schneider [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 08, 2001 10:39 AM To: [EMAIL PROTECTED] Subject: [PHP-WIN] my MySQL hacked?
Okay, okay okay... I got up this morning to discover that my MySQL server has had ALL its databases DELETED except for the mysql.* one. When looking in the mysql.user table, I discovered that there were now TWO "root" users - except the new one required NO password. Also, another root-access user had been given a twin (same username), but requiring no password. Into the bargain, all records on the mysql.db table had been erased. Now what the HELL do you think caused this? The server is protected by a firewall, running on IIS5/Windows2000, and nope - nobody with root access gave their password away. Could it have been a virus? This morning several viruses were cleared off the hard-drive of the server (uploaded by members). Is there a virus that can do this? If so, what is it? Thankfully the MySQL server was not available for general use (to our members) but was undegoing a sort-of 'testing period'. So nothing important was lost. But I don't want to see this happen again! So can anybody shed any light onto what could have caused this?!??! Thanks, - Jefferrs (p.s. this post is being cross-posted to both alt.comp.lang.php and alt.php.sql) - Jefferrs -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
